US11361090B2ActiveUtilityA1

System and method for enabling an interprocess communication in electronic control units of vehicles

87
Assignee: AO Kaspersky LabPriority: Jun 19, 2020Filed: Jan 28, 2021Granted: Jun 14, 2022
Est. expiryJun 19, 2040(~13.9 yrs left)· nominal 20-yr term from priority
G06F 9/54G06F 21/53G06F 15/16G06F 21/604B60K 37/00G06F 9/541
87
PatentIndex Score
2
Cited by
7
References
14
Claims

Abstract

A method for providing an interprocess interaction in an electronic control unit having an operating system defining a kernel space, wherein the method involves steps in which: the kernel of the operating system intercepts a request for an interprocess communication between a first application and a second application of the electronic control unit. A verdict is requested, from an access control component of the operating system, with respect to granting access for the requested interprocess communication between the first application and the second application of the electronic control unit. The access control component generates the verdict for the requested interprocess communication based on a security policy. The kernel of the operating system selectively allows the requested interprocess communication between the first application and the second application based on the generated verdict.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method for providing an interprocess interaction in an electronic control unit having an operating system defining a kernel space, the method comprising:
 intercepting, by the kernel of the operating system, a request for an interprocess communication between a first application and a second application of the electronic control unit; 
 requesting a verdict, from an access control component of the operating system, with respect to granting access for the requested interprocess communication between the first application and the second application of the electronic control unit; 
 generating, by the access control component, the verdict for the requested interprocess communication based on a security policy, wherein the security policy includes a list containing a plurality of data elements, wherein each of the plurality of data elements indicates at least an identifier of a client application, an identifier of a service application and an identifier of a service allowed to be performed by the service application, wherein the kernel sends to the access control component an identifier of the first application, an identifier of the second application and an identifier of a service to be performed by the second application, wherein the access control component generates an affirmative verdict in response to finding in the list a data element matching the identifier of the first application, the identifier of the second application and the identifier of the service and wherein the access control component generates a negative verdict in response to not finding in the list a data element matching the identifier of the first application, the identifier of the second application and the identifier of the service; and 
 selectively allowing, by the kernel of the operating system, the requested interprocess communication between the first application and the second application based on the generated verdict. 
 
     
     
       2. The method of  claim 1 , wherein the access control component has an exclusive authority to make access grant decisions with respect to the interprocess communication. 
     
     
       3. The method of  claim 1 , wherein the kernel allows the requested interprocess communication based on the affirmative verdict generated by the access control component and wherein the kernel blocks the requested interprocess communication based on the negative verdict generated by the access control component. 
     
     
       4. The method of  claim 1 , wherein the list is created based on a specification defining access of a corresponding application to one or more services of a different application. 
     
     
       5. The method of  claim 4 , wherein the specification includes at least one or more computing resources required by the corresponding application, run time environment conditions required by the corresponding application, one or more interfaces provided by the corresponding application. 
     
     
       6. A system for providing an interprocess interaction in an electronic control unit having an operating system defining a kernel space, the system comprising:
 a hardware processor configured to: 
 intercept, by the kernel of the operating system, a request for an interprocess communication between a first application and a second application of the electronic control unit; 
 request a verdict, from an access control component of the operating system, with respect to granting access for the requested interprocess communication between the first application and the second application of the electronic control unit; 
 generate, by the access control component, the verdict for the requested interprocess communication based on a security policy, wherein the security policy includes a list containing a plurality of data elements, wherein each of the plurality of data elements indicates at least an identifier of a client application, an identifier of a service application and an identifier of a service allowed to be performed by the service application, wherein the kernel sends to the access control component an identifier of the first application, an identifier of the second application and an identifier of a service to be performed by the second application, wherein the access control component generates an affirmative verdict in response to finding in the list a data element matching the identifier of the first application, the identifier of the second application and the identifier of the service and wherein the access control component generates a negative verdict in response to not finding in the list a data element matching the identifier of the first application, the identifier of the second application and the identifier of the service; and 
 selectively allow, by the kernel of the operating system, the requested interprocess communication between the first application and the second application based on the generated verdict. 
 
     
     
       7. The system of  claim 6 , wherein the access control component has an exclusive authority to make access grant decisions with respect to the interprocess communication. 
     
     
       8. The system of  claim 6 , wherein the kernel allows the requested interprocess communication based on the affirmative verdict generated by the access control component and wherein the kernel blocks the requested interprocess communication based on the negative verdict generated by the access control component. 
     
     
       9. The system of  claim 6 , wherein the list is created based on a specification defining access of a corresponding application to one or more services of a different application. 
     
     
       10. The system of  claim 9 , wherein the specification includes at least one or more computing resources required by the corresponding application, run time environment conditions required by the corresponding application, one or more interfaces provided by the corresponding application. 
     
     
       11. A non-transitory computer readable medium storing thereon computer executable instructions for providing an interprocess interaction in an electronic control unit having an operating system defining a kernel space, including instructions for:
 intercepting, by the kernel of the operating system, a request for an interprocess communication between a first application and a second application of the electronic control unit; 
 requesting a verdict, from an access control component of the operating system, with respect to granting access for the requested interprocess communication between the first application and the second application of the electronic control unit; 
 generating, by the access control component, the verdict for the requested interprocess communication based on a security policy, wherein the security policy includes a list containing a plurality of data elements, wherein each of the plurality of data elements indicates at least an identifier of a client application, an identifier of a service application and an identifier of a service allowed to be performed by the service application, wherein the kernel sends to the access control component an identifier of the first application, an identifier of the second application and an identifier of a service to be performed by the second application, wherein the access control component generates an affirmative verdict in response to finding in the list a data element matching the identifier of the first application, the identifier of the second application and the identifier of the service and wherein the access control component generates a negative verdict in response to not finding in the list a data element matching the identifier of the first application, the identifier of the second application and the identifier of the service; and 
 selectively allowing, by the kernel of the operating system, the requested interprocess communication between the first application and the second application based on the generated verdict. 
 
     
     
       12. The non-transitory computer readable medium of  claim 11 , wherein the access control component has an exclusive authority to make access grant decisions with respect to the interprocess communication. 
     
     
       13. The non-transitory computer readable medium of  claim 11 , wherein the kernel allows the requested interprocess communication based on the affirmative verdict generated by the access control component and wherein the kernel blocks the requested interprocess communication based on the negative verdict generated by the access control component. 
     
     
       14. The non-transitory computer readable medium of  claim 11 , wherein the list is created based on a specification defining access of a corresponding application to one or more services of a different application.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.